By Susan Bradley
Fasten your seatbelts, it’s Patch Tuesday.
Microsoft released 12 bulletins on Feb. 8 that covered the gamut, from operating systems to Office suites to Messenger applications.
Inside these 12 bulletins are a lot of patches to handle — even if you are like me where you have a patch management tool and a tried-and-true process to deal with them. Fellow Microsoft MVP Harry Waldron recommended in his security blog that we "admins" have an extra bowl of Wheaties (an American breakfast cereal) to ensure we had strength. He wasn’t kidding!
So what did I do when I saw the bulletins arrive on my desktop on Tuesday morning? Well the first thing I did was determine which patches needed to be installed on certain workstations or servers faster than others. I call this process "zoning," and it helps me to "chunk down" the security patches in more manageable bites that I can handle. I then tried to identify which patches would come down the wire merely with Windows Update and those I’d have to manually install.
Several of the patches out this week are only needed in network environments. And there’s also an update to the Malicious Software Removal Tool. If you don’t have any "bad stuff" on your system, you’ll probably ask yourself "did it do anything?", and you’ll want to run it again manually just to make sure. You can do this by visiting Microsoft’s MSRT Web page and manually running the tool.
In full disclosure, I think I killed a tree while printing out this week’s 12 bulletins just so I could make sure I was getting all the information needed to make my "risk determinations." I’m hoping that my "risk ratings," below, will help you save a fewtrees.
IE and Drag-and-Drop get patched right NOW!
First off, the big news is that included in this batch of patches is a cumulative update for Internet Explorer (MS05-014/867282) and a patch to the Drag and Drop vulnerability (MS05-008/890047).
I know that my desktops still operate with user rights that allow users to install anything they want. I also know that this practice leaves me at higher risk for browser exploits. These are two patches, therefore, that I’ve already installed on my office workstations that are my "tester" machines.
I’ll be installing these patches extremely quickly to my workstations, but I won’t worry about installing these patches until the weekend on my servers. People surf on their workstations, and that’s where the risks lie, but not on the servers. So on my workstations, which are XP SP2, I’m letting the security update for Windows XP (MS05-008) and the cumulative security update for Internet Explorer for Windows XP (MS05-014) be installed now.
Already there are known issues with the MS05-014 patch for Internet Explorer. These issues, including Media Player not playing some chapters of some DVD discs, are listed in KB articles 867282 and 884487.